authorPaul Eggert <eggert@cs.ucla.edu>2017-02-10 08:34:57 -0800
committerPaul Eggert <eggert@cs.ucla.edu>2017-02-10 08:36:42 -0800
commitabcba32c262e575b562ec0e481e55538536f969f (patch)
treef873cc4c0190d9e4d77439031eeade3a9a59dc34 /src
parentcef233eeb8366580f76e8324695e6f964cb160d0 (diff)
Fix a few integer-overflow glitches
* src/composite.c (composition_compute_stop_pos, composition_reseat_it): * src/dispextern.h (struct composition_it.rule_idx): * src/keyboard.c (Fset__this_command_keys): * src/xwidget.c (webkit_js_to_lisp): Don’t assume object sizes fit in ‘int’. * src/xwidget.c (Fxwidget_resize): Don’t assume Emacs integers fit in ‘int’.
Diffstat (limited to 'src')
-rw-r--r--src/composite.c89
-rw-r--r--src/dispextern.h2
-rw-r--r--src/keyboard.c2
-rw-r--r--src/xwidget.c12
4 files changed, 50 insertions, 55 deletions
diff --git a/src/composite.c b/src/composite.c
index f23bb17c57a..b673c53ac83 100644
--- a/src/composite.c
+++ b/src/composite.c
@@ -1012,7 +1012,7 @@ composition_compute_stop_pos (struct composition_it *cmp_it, ptrdiff_t charpos,
val = CHAR_TABLE_REF (Vcomposition_function_table, c);
if (! NILP (val))
{
- for (int ridx = 0; CONSP (val); val = XCDR (val), ridx++)
+ for (EMACS_INT ridx = 0; CONSP (val); val = XCDR (val), ridx++)
{
Lisp_Object elt = XCAR (val);
if (VECTORP (elt) && ASIZE (elt) == 3
@@ -1063,54 +1063,48 @@ composition_compute_stop_pos (struct composition_it *cmp_it, ptrdiff_t charpos,
while (char_composable_p (c))
{
val = CHAR_TABLE_REF (Vcomposition_function_table, c);
- if (! NILP (val))
+ for (EMACS_INT ridx = 0; CONSP (val); val = XCDR (val), ridx++)
{
- Lisp_Object elt;
- int ridx, blen;
-
- for (ridx = 0; CONSP (val); val = XCDR (val), ridx++)
+ Lisp_Object elt = XCAR (val);
+ if (VECTORP (elt) && ASIZE (elt) == 3
+ && NATNUMP (AREF (elt, 1))
+ && charpos - XFASTINT (AREF (elt, 1)) > endpos)
{
- elt = XCAR (val);
- if (VECTORP (elt) && ASIZE (elt) == 3
- && NATNUMP (AREF (elt, 1))
- && charpos - XFASTINT (AREF (elt, 1)) > endpos)
- {
- ptrdiff_t back = XFASTINT (AREF (elt, 1));
- ptrdiff_t cpos = charpos - back, bpos;
+ ptrdiff_t back = XFASTINT (AREF (elt, 1));
+ ptrdiff_t cpos = charpos - back, bpos;
- if (back == 0)
- bpos = bytepos;
- else
- bpos = (NILP (string) ? CHAR_TO_BYTE (cpos)
- : string_char_to_byte (string, cpos));
- if (STRINGP (AREF (elt, 0)))
- blen = fast_looking_at (AREF (elt, 0), cpos, bpos,
- start + 1, limit, string);
- else
- blen = 1;
- if (blen > 0)
+ if (back == 0)
+ bpos = bytepos;
+ else
+ bpos = (NILP (string) ? CHAR_TO_BYTE (cpos)
+ : string_char_to_byte (string, cpos));
+ ptrdiff_t blen
+ = (STRINGP (AREF (elt, 0))
+ ? fast_looking_at (AREF (elt, 0), cpos, bpos,
+ start + 1, limit, string)
+ : 1);
+ if (blen > 0)
+ {
+ /* Make CPOS point to the last character of
+ match. Note that BLEN is byte-length. */
+ if (blen > 1)
+ {
+ bpos += blen;
+ if (NILP (string))
+ cpos = BYTE_TO_CHAR (bpos) - 1;
+ else
+ cpos = string_byte_to_char (string, bpos) - 1;
+ }
+ back = cpos - (charpos - back);
+ if (cmp_it->stop_pos < cpos
+ || (cmp_it->stop_pos == cpos
+ && cmp_it->lookback < back))
{
- /* Make CPOS point to the last character of
- match. Note that BLEN is byte-length. */
- if (blen > 1)
- {
- bpos += blen;
- if (NILP (string))
- cpos = BYTE_TO_CHAR (bpos) - 1;
- else
- cpos = string_byte_to_char (string, bpos) - 1;
- }
- back = cpos - (charpos - back);
- if (cmp_it->stop_pos < cpos
- || (cmp_it->stop_pos == cpos
- && cmp_it->lookback < back))
- {
- cmp_it->rule_idx = ridx;
- cmp_it->stop_pos = cpos;
- cmp_it->ch = c;
- cmp_it->lookback = back;
- cmp_it->nchars = back + 1;
- }
+ cmp_it->rule_idx = ridx;
+ cmp_it->stop_pos = cpos;
+ cmp_it->ch = c;
+ cmp_it->lookback = back;
+ cmp_it->nchars = back + 1;
}
}
}
@@ -1203,10 +1197,10 @@ composition_reseat_it (struct composition_it *cmp_it, ptrdiff_t charpos,
{
Lisp_Object lgstring = Qnil;
Lisp_Object val, elt;
- ptrdiff_t i;
val = CHAR_TABLE_REF (Vcomposition_function_table, cmp_it->ch);
- for (i = 0; i < cmp_it->rule_idx; i++, val = XCDR (val));
+ for (EMACS_INT i = 0; i < cmp_it->rule_idx; i++, val = XCDR (val))
+ continue;
if (charpos < endpos)
{
for (; CONSP (val); val = XCDR (val))
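Review bot: The rewritten skip loop `for (EMACS_INT i = 0; i < cmp_it->rule_idx; i++, val = XCDR (val)) continue;` still takes XCDR of val without checking that val is a cons. It relies on rule_idx, recorded earlier by composition_compute_stop_pos, still matching the list currently stored in Vcomposition_function_table for cmp_it->ch. If that entry can be shortened between the two calls (not visible in this hunk), the walk would step past the end of the list. Extending the condition to `i < cmp_it->rule_idx && CONSP (val)` keeps the walk inside the list, and the `for (; CONSP (val); ...)` loop shown just below already tolerates a non-cons val. The body of composition_reseat_it continues outside the hunk.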
@@ -1255,6 +1249,7 @@ composition_reseat_it (struct composition_it *cmp_it, ptrdiff_t charpos,
if (NILP (LGSTRING_ID (lgstring)))
lgstring = composition_gstring_put_cache (lgstring, -1);
cmp_it->id = XINT (LGSTRING_ID (lgstring));
+ int i;
for (i = 0; i < LGSTRING_GLYPH_LEN (lgstring); i++)
if (NILP (LGSTRING_GLYPH (lgstring, i)))
break;
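Review bot: The added `int i;` is compared with LGSTRING_GLYPH_LEN (lgstring), which as far as I know is computed from the vector's ASIZE, so this loop keeps the int-sized assumption that the commit removes elsewhere. Declaring it `ptrdiff_t i;` would match the other loops in this change. If i is later stored into an int field (the code after the loop is outside the hunk), a comment such as `/* Glyph strings are short, so the count fits in int. */` would record why the narrowing is safe.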
diff --git a/src/dispextern.h b/src/dispextern.h
index eb71a82311c..e030618a9b7 100644
--- a/src/dispextern.h
+++ b/src/dispextern.h
@@ -2215,7 +2215,7 @@ struct composition_it
the automatic composition. Provided that ELT is an element of
Vcomposition_function_table for CH, (nth ELT RULE_IDX) is the
rule for the composition. */
- int rule_idx;
+ EMACS_INT rule_idx;
/* If this is an automatic composition, how many characters to look
back from the position where a character triggering the
composition exists. */
diff --git a/src/keyboard.c b/src/keyboard.c
index 168232203fe..ed8e71fd0a7 100644
--- a/src/keyboard.c
+++ b/src/keyboard.c
@@ -10020,7 +10020,7 @@ Internal use only. */)
add_command_key (make_number ('x' | meta_modifier));
else
add_command_key (make_number (key0));
- for (int i = 1; i < SCHARS (keys); i++)
+ for (ptrdiff_t i = 1; i < SCHARS (keys); i++)
add_command_key (make_number (SREF (keys, i)));
return Qnil;
}
diff --git a/src/xwidget.c b/src/xwidget.c
index 4ba1617d8df..5c276b1371c 100644
--- a/src/xwidget.c
+++ b/src/xwidget.c
@@ -301,13 +301,13 @@ webkit_js_to_lisp (JSContextRef context, JSValueRef value)
{
JSStringRef pname = JSStringCreateWithUTF8CString("length");
JSValueRef len = JSObjectGetProperty (context, (JSObjectRef) value, pname, NULL);
- int n = JSValueToNumber (context, len, NULL);
+ EMACS_INT n = JSValueToNumber (context, len, NULL);
JSStringRelease(pname);
Lisp_Object obj;
struct Lisp_Vector *p = allocate_vector (n);
- for (int i = 0; i < n; ++i)
+ for (ptrdiff_t i = 0; i < n; ++i)
{
p->contents[i] =
webkit_js_to_lisp (context,
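Review bot: `EMACS_INT n = JSValueToNumber (context, len, NULL);` converts a double to an integer with no range check, and n then goes straight to allocate_vector. JSValueToNumber yields NaN when the conversion fails (the exception argument is NULL here), and converting NaN or an out-of-range double to an integer type is undefined behavior in C. The number comes from the "length" property of a JavaScript object, which is presumably controlled by script running in the widget. Widening n does not cover those cases; reading into a double and rejecting anything outside the fixnum range would, e.g. `double d = JSValueToNumber (context, len, NULL);` followed, after JSStringRelease, by `if (! (0 <= d && d <= MOST_POSITIVE_FIXNUM)) return Qnil;`. The condition guarding this branch is outside the hunk, so whether value is always a genuine array cannot be confirmed from here.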
@@ -323,13 +323,13 @@ webkit_js_to_lisp (JSContextRef context, JSValueRef value)
JSPropertyNameArrayRef properties =
JSObjectCopyPropertyNames (context, (JSObjectRef) value);
- int n = JSPropertyNameArrayGetCount (properties);
+ ptrdiff_t n = JSPropertyNameArrayGetCount (properties);
Lisp_Object obj;
/* TODO: can we use a regular list here? */
struct Lisp_Vector *p = allocate_vector (n);
- for (int i = 0; i < n; ++i)
+ for (ptrdiff_t i = 0; i < n; ++i)
{
JSStringRef name = JSPropertyNameArrayGetNameAtIndex (properties, i);
JSValueRef property = JSObjectGetProperty (context,
@@ -733,8 +733,8 @@ DEFUN ("xwidget-resize", Fxwidget_resize, Sxwidget_resize, 3, 3, 0,
(Lisp_Object xwidget, Lisp_Object new_width, Lisp_Object new_height)
{
CHECK_XWIDGET (xwidget);
- CHECK_NATNUM (new_width);
- CHECK_NATNUM (new_height);
+ CHECK_RANGED_INTEGER (new_width, 0, INT_MAX);
+ CHECK_RANGED_INTEGER (new_height, 0, INT_MAX);
struct xwidget *xw = XXWIDGET (xwidget);
int w = XFASTINT (new_width);
int h = XFASTINT (new_height);